Reflecting on my year with Santa Clara Law

In May 2020, I embarked on an adventure with Santa Clara University School of Law as Privacy Tech & Law Fellow and Adjunct Professor. After close to a decade in practice, I wanted to take some time to write and teach. So it was quite intriguing when Professor Daniel Solove introduced me to Professor Eric Goldman just before the pandemic broke, to explore joining Santa Clara Law’s leading privacy law program.

A little over a year after joining Santa Clara Law, it is with both sadness and excitement that I’ve decided to hit a pause on academia (the sad part) and focus instead on the emerging privacy tech space (the exciting part). As some of you may know, I founded The Rise of Privacy Tech, with the mission to fuel privacy innovation, and I will be devoting almost all of my time and energy towards it. But before I move on, I took some time to recap and reflect on my time at Santa Clara Law.

The Recap …

It goes without saying that I’m truly grateful to have been able to teach, write, speak, and simply think about one of the subjects I’m most passionate about: privacy. Before this work chapter escapes me, I want to take inventory and celebrate some of the projects I completed during this short period of time.

I developed and taught a one-of-a-kind experiential Privacy & Technology course.

I previously wrote about my experiential Privacy & Technology course here, here, and here. TL;DR: I developed an experiential course to prepare law students as privacy professionals in the tech sector and to introduce them to the emerging privacy tech landscape. Throughout the semester, the students worked with early stage privacy tech startup clients.

I’ll soon be publishing a post on what version 2.0 of the Privacy & Technology course could look like based on my experience teaching the course this past spring, complete with links to an updated proposed syllabus, references, slides, etc.

I curated & hosted one season of the Let’s Talk Privacy & Technology webcast.

Last year, in addition to devoting hundreds of hours towards developing the experiential Privacy & Technology course, I also curated and hosted the Let’s Talk Privacy & Technology video series. Each episode featured a privacy expert, practitioner, academic, or innovator. We discussed the intersection of privacy and technology, covering topics ranging from privacy engineering, privacy enhancing technologies (PETs), and data ownership, to data ethics, privacy tech, cybersecurity, and more.

Links to the webcast recordings are available on Santa Clara Law’s YouTube channel.

I published the Privacy & Technology Medium blog, covering 25 pieces on various topics.

My year with Santa Clara Law bought me the time to write about various topics and issues in the intersection of privacy and technology.

My writing included the following evergreen content on privacy and technology topics I frequently found myself explaining repeatedly, such as:

• Defining Privacy Tech
• Product Privacy Data Sheets
• Conducting and Operationalizing Privacy Reviews
• Glossary of Common Privacy & Technology Terms

I voiced my opinion on timely topics such as audio social media startup Clubhouse’s privacy failures, which I wrote about in the following four-part series:

• When FOMO Trumps Privacy: The Clubhouse Edition
• Clubhouse’s App Rollout Signals To Consumers It Values Growth Over Them & Their Privacy
• A Proposed Clubhouse Blueprint for Leveraging Privacy to Achieve Growth, Instead of Growing At Privacy’s Expense
• The Privacy Due Diligence Clubhouse VCs Should’ve Conducted

My RA, Emily Ashley, and I co-wrote a two-part series on Apple’s privacy posture and the iOS14 privacy features:

• What Startups Can Learn From Apple’s Privacy Position
• Apple’s iOS14 privacy labels are rolling out today — and other notable iOS14 privacy features

I also published commentary on privacy law developments that impact technology at the state, federal, and international levels:

• On Regulating Privacy Enhancing Technologies (PETs) Through the Promoting Digital Privacy Technologies Act (S.224) — What It Is, What’s Good About It, How To Improve It
• Why I’m Voting for Prop 24 (CPRA) Despite Its Flaws
• What Schrems II Means for US Tech Startups

As referenced above, I documented my journey on developing and teaching my experiential Privacy & Technology course:

• On Teaching My Privacy & Technology Course
• How We Celebrated the 40th #DataPrivacyDay in My Privacy & Technology Course
• On Operationalizing Privacy Engineering into Development Process

I published episode notes for each episode of the Let’s Talk Privacy & Technology series:

• Episode 1: Building a Privacy-First Company with Richard Vibert
• Episode 2: Navigating the Intersection of Privacy & Security with Daniel Barber
• Episode 3: From Lawyer to Privacy Tech Founder with Rama Veeraragoo
• Episode 4: Prof. Woodrow Hartzog’s Privacy Design Agenda
• Episode 5: Building Privacy Into Cybersecurity Products with Paola Zeni
• Episode 6: Measuring Privacy’s Business Value with Michelle Dennedy
• Episode 7: Automated Privacy Consent with Lorrie Cranor
• Episode 8: Strategic Privacy by Design with Jason Cronk
• Episode 9: Deidentification with Luk Arbuckle
• Episode 10: Voter Privacy & Election Security with Joseph Hall

Lastly, I also guest blogged at Prof. Goldman’s Technology & Marketing Law Blog and Prof. de la Torre’s Golden Data Blog, on CCPA’s data valuation calculation and on the prospects of a comprehensive federal privacy law, respectively:

• The CCPA Proposed Regs’ Data Valuation Calculation Provisions Provide Flexibility, But Raise Ambiguity & Transparency Concerns
• Americans Could Be Getting a Comprehensive Federal Privacy Law Soon

With a dozen drafts remaining at various stages of the writing process, I plan to continue publishing on the Privacy & Technology Medium blog in my own time. This past year, I found writing to be quite painful. I still recall a former writing professor equating good writing to “kill[ing] your babies,” quoting William Faulkner. Writing an outline and even a first draft of a piece were relatively straightforward, but I often hit roadblocks when it came to revising and editing, especially after spending a period of time too close to a piece.

I advised and mentored Santa Clara Law students.

On top of my own Privacy & Technology course students, I advised four Tech Edge JD (TEJD) students and mentored several other privacy law certificate students who reached out. I thoroughly enjoyed meeting with my TEJD advisees, my own Privacy & Technology course students, and other Santa Clara Law students seeking advice. I particularly delighted in sharing networking, job search, and career development hacks with them. It was such an amazing feeling when they’d put in the work to apply these hacks and report back with success.

I spoke on privacy & technology topics at various conferences, media outlets, and publications.

As part of my work at Santa Clara Law, I spoke with various journalists and reporters from media outlets, both print and television, on various privacy issues, from the Apple-Facebook privacy war and the Clubhouse privacy fiasco to Clearview AI’s facial recognition mass surveillance and the Amazon Sidewalk privacy concerns.

Sharing select links to my conference speaking engagements and media quotes:

• BSides Las Vegas 2021 (on lessons drawn from cybersecurity in the rise of privacy tech)
• RSA Conference 2021 (on lessons drawn from cybersecurity in the rise of privacy tech)
• In-House Counsel Institute 2021 (about how lawyers can make the business case for privacy tech tools)
• High Tech Law Journal Symposium 2021 (on fueling privacy tech)
• Tom’s Guide, July 10, 2021 (on the difference in the privacy and security reception between Amazon Sidewalk vs Apple’s Find My)
• Business Insider, June 6, 2021 (on Amazon Sidewalk’s privacy concerns)
• Tom’s Guide, April 18, 2021 (about social media companies’ recent data-leak-vs-breach-semantics distraction from their real privacy failures)
• Balkan Insight, April 13, 2021 (about Clubhouse’s privacy failures and against using current content moderation issues to manufacture false trade-offs between speech & privacy rights)
• ABC7 News Bay Area, March 11, 2021 (about the privacy lawsuit against Clearview AI for scraping millions of people’s photos, names & other personal information to feed the facial recognition tech it sells to law enforcement)
• San Jose Spotlight, March 15, 2021 (on why San Jose is right to push for regulation of surveillance tech)
• SF Chronicle, March 2, 2021 (on the Apple v. Facebook privacy battle)
• SF Chronicle, February 26, 2021 (about the Facebook $650M class action settlement)
• SiliconANGLE, February 21, 2021 (about Clubhouse’s privacy failures)
• KnowIt, May 13, 2020 (on the data ownership debate)

Spreading awareness on privacy issues will always be a part of my life’s work, so I’m grateful to have been able to do more of this work while at Santa Clara Law.

The Reflections …

Before directing my time and attention towards the emerging privacy tech space, I spent some time reflecting on my past year with Santa Clara Law. Why? Because examining what went right, wrong, and sideways is equally important as celebrating the wins.

Teaching is one of the more fulfilling jobs I’ve ever held.

Teaching allowed me to pass on my decade’s worth of practical knowledge — or at least parts of it — to my students, including things I and other privacy practitioners and guest lecturers wish we had known when we were just starting out in our privacy careers, from the soft skills needed to work with technical teams to introductory resources on privacy engineering, privacy enhancing technologies, and the more technical parts of privacy.

While I always suspected that teaching would be fulfilling, I was surprised by the natural high it left in me. This was even more pronounced when a student demonstrated that they grasped a concept I was trying to hone in on (like making the business case for privacy), or when they got a gig with their assigned privacy tech startup after the semester was over.

The pandemic threw a wrench into my time at Santa Clara Law.

I recognize that the pandemic wreaked havoc on everyone else’s work and lives, in general. That said, it specifically prevented me from integrating into the Santa Clara Law community. I did enjoy the virtual events I attended with my colleagues and with my students, but they simply weren’t quite the same as knocking on someone’s office door for a chat. I still have not met my Teaching & Research Associate, Emily, or anyone of my students in person! Same goes for my colleagues, except for Prof. Goldman, whom I visited on campus just before the lockdown began.

The pandemic also meant that I had to teach my Privacy & Technology course on Zoom, instead of in-person. This meant not being able to read the room as well as I would’ve been able to had we been in a traditional classroom. I assume this also meant missing opportunities to provide additional attention and support to students who may have been struggling. (I write more about how we tried to anticipate and mitigate these with post-class office hours, etc. in my version 2.0 post.)

Academia admittedly remains foreign to me, but I look forward to reintegrating into it in the future.

A year later, there are many things that I still don’t understand about academia.

For example, when I first joined Santa Clara Law, I was warned about bureaucratic pitfalls in academia, which I naively shrugged off. After all, how could it be worse or that different from tech, Big Law, or corporate America? I fortunately didn’t get to find out, partly due to the pandemic and partly because, I suspect, Prof. Goldman shielded me from much of it by acting as a buffer in potentially hairy situations.

I’m grateful for the guidance and tips that other privacy academics — Profs. Solove, Goldman, and Hartzog all quickly come to mind — shared with me as I ventured into the space. When I started my journey last year, I didn’t know which academic track I wanted to pursue — tenured, clinic, administrative, or adjunct — or that there were tracks to begin with.

Having barely scratched the surface, a part of me still wants to get back to academia at some point in the future — but not until after I explore and go all in on the emerging privacy tech space.